internal static NetworkInterfaceAssociation DeserializeNetworkInterfaceAssociation(JsonElement element) { Optional <IReadOnlyList <SecurityRuleData> > securityRules = default; ResourceIdentifier id = default; foreach (var property in element.EnumerateObject()) { if (property.NameEquals("securityRules")) { if (property.Value.ValueKind == JsonValueKind.Null) { property.ThrowNonNullablePropertyIsNull(); continue; } List <SecurityRuleData> array = new List <SecurityRuleData>(); foreach (var item in property.Value.EnumerateArray()) { array.Add(SecurityRuleData.DeserializeSecurityRuleData(item)); } securityRules = array; continue; } if (property.NameEquals("id")) { id = property.Value.GetString(); continue; } } return(new NetworkInterfaceAssociation(id, Optional.ToList(securityRules))); }
internal static SecurityRuleListResult DeserializeSecurityRuleListResult(JsonElement element) { Optional <IReadOnlyList <SecurityRuleData> > value = default; Optional <string> nextLink = default; foreach (var property in element.EnumerateObject()) { if (property.NameEquals("value")) { if (property.Value.ValueKind == JsonValueKind.Null) { property.ThrowNonNullablePropertyIsNull(); continue; } List <SecurityRuleData> array = new List <SecurityRuleData>(); foreach (var item in property.Value.EnumerateArray()) { array.Add(SecurityRuleData.DeserializeSecurityRuleData(item)); } value = array; continue; } if (property.NameEquals("nextLink")) { nextLink = property.Value.GetString(); continue; } } return(new SecurityRuleListResult(Optional.ToList(value), nextLink.Value)); }
SecurityRule IOperationSource <SecurityRule> .CreateResult(Response response, CancellationToken cancellationToken) { using var document = JsonDocument.Parse(response.ContentStream); var data = SecurityRuleData.DeserializeSecurityRuleData(document.RootElement); return(new SecurityRule(_armClient, data)); }
public async Task VerifyIpFlowApiTest() { string resourceGroupName = Recording.GenerateAssetName("azsmnet"); string location = "westus2"; var resourceGroup = await CreateResourceGroup(resourceGroupName, location); string virtualMachineName1 = Recording.GenerateAssetName("azsmnet"); string networkInterfaceName1 = Recording.GenerateAssetName("azsmnet"); string networkSecurityGroupName = virtualMachineName1 + "-nsg"; //Deploy VM with a template var vm = await CreateWindowsVM(virtualMachineName1, networkInterfaceName1, location, resourceGroup); //TODO:There is no need to perform a separate create NetworkWatchers operation //Create network Watcher //string networkWatcherName = Recording.GenerateAssetName("azsmnet"); //NetworkWatcher properties = new NetworkWatcher { Location = location }; //await networkWatcherContainer.CreateOrUpdateAsync(resourceGroupName, networkWatcherName, properties); string localIPAddress = GetNetworkInterfaceContainer(resourceGroupName).GetAsync(networkInterfaceName1).Result.Value.Data.IpConfigurations.FirstOrDefault().PrivateIPAddress; string securityRule1 = Recording.GenerateAssetName("azsmnet"); // Add a security rule var SecurityRule = new SecurityRuleData() { Name = securityRule1, Access = SecurityRuleAccess.Deny, Description = "Test outbound security rule", DestinationAddressPrefix = "*", DestinationPortRange = "80", Direction = SecurityRuleDirection.Outbound, Priority = 501, Protocol = SecurityRuleProtocol.Tcp, SourceAddressPrefix = "*", SourcePortRange = "*", }; var networkSecurityGroupContainer = GetNetworkSecurityGroupContainer(resourceGroupName); Response <NetworkSecurityGroup> nsg = await networkSecurityGroupContainer.GetAsync(networkSecurityGroupName); nsg.Value.Data.SecurityRules.Add(SecurityRule); var createOrUpdateOperation = await networkSecurityGroupContainer.CreateOrUpdateAsync(networkSecurityGroupName, nsg.Value.Data); await createOrUpdateOperation.WaitForCompletionAsync();; VerificationIPFlowParameters ipFlowProperties = new VerificationIPFlowParameters(vm.Id, "Outbound", "TCP", "80", "80", localIPAddress, "12.11.12.14"); //Verify IP flow from a VM to a location given the configured rule var verifyIpFlowOperation = await GetNetworkWatcherContainer("NetworkWatcherRG").Get("NetworkWatcher_westus2").Value.VerifyIPFlowAsync(ipFlowProperties); Response <VerificationIPFlowResult> verifyIpFlow = await verifyIpFlowOperation.WaitForCompletionAsync();; //Verify validity of the result Assert.AreEqual("Deny", verifyIpFlow.Value.Access.ToString()); Assert.AreEqual("securityRules/" + securityRule1, verifyIpFlow.Value.RuleName); }
private void CompareSecurityRule(SecurityRuleData rule1, SecurityRuleData rule2) { Assert.AreEqual(rule1.Name, rule2.Name); Assert.AreEqual(rule1.Etag, rule2.Etag); Assert.AreEqual(rule1.Access, rule2.Access); Assert.AreEqual(rule1.Description, rule2.Description); Assert.AreEqual(rule1.DestinationAddressPrefix, rule2.DestinationAddressPrefix); Assert.AreEqual(rule1.DestinationPortRange, rule2.DestinationPortRange); Assert.AreEqual(rule1.Direction, rule2.Direction); Assert.AreEqual(rule1.Protocol, rule2.Protocol); Assert.AreEqual(rule1.ProvisioningState, rule2.ProvisioningState); Assert.AreEqual(rule1.SourceAddressPrefix, rule2.SourceAddressPrefix); Assert.AreEqual(rule1.SourcePortRange, rule2.SourcePortRange); }
public async Task SecurityRuleWithRulesApiTest() { string resourceGroupName = Recording.GenerateAssetName("csmrg"); string location = TestEnvironment.Location; var resourceGroup = await CreateResourceGroup(resourceGroupName); string networkSecurityGroupName = Recording.GenerateAssetName("azsmnet"); string securityRule1 = Recording.GenerateAssetName("azsmnet"); string securityRule2 = Recording.GenerateAssetName("azsmnet"); string destinationPortRange = "123-3500"; NetworkSecurityGroupData networkSecurityGroup = new NetworkSecurityGroupData() { Location = location, SecurityRules = { new SecurityRuleData() { Name = securityRule1, Access = SecurityRuleAccess.Allow, Description = "Test security rule", DestinationAddressPrefix = "*", DestinationPortRange = destinationPortRange, Direction = SecurityRuleDirection.Inbound, Priority = 500, Protocol = SecurityRuleProtocol.Tcp, SourceAddressPrefix = "*", SourcePortRange = "655" } } }; // Put Nsg var networkSecurityGroupContainer = resourceGroup.GetNetworkSecurityGroups(); var putNsgResponseOperation = await networkSecurityGroupContainer.CreateOrUpdateAsync(networkSecurityGroupName, networkSecurityGroup); Response <NetworkSecurityGroup> putNsgResponse = await putNsgResponseOperation.WaitForCompletionAsync();; Assert.AreEqual("Succeeded", putNsgResponse.Value.Data.ProvisioningState.ToString()); // Get NSG Response <NetworkSecurityGroup> getNsgResponse = await networkSecurityGroupContainer.GetAsync(networkSecurityGroupName); Assert.AreEqual(networkSecurityGroupName, getNsgResponse.Value.Data.Name); // Get SecurityRule Response <SecurityRule> getSecurityRuleResponse = await getNsgResponse.Value.GetSecurityRules().GetAsync(securityRule1); Assert.AreEqual(securityRule1, getSecurityRuleResponse.Value.Data.Name); CompareSecurityRule(getNsgResponse.Value.Data.SecurityRules[0], getSecurityRuleResponse.Value.Data); // Add a new security rule var securityRule = new SecurityRuleData() { Name = securityRule2, Access = SecurityRuleAccess.Deny, Description = "Test outbound security rule", DestinationAddressPrefix = "*", DestinationPortRange = destinationPortRange, Direction = SecurityRuleDirection.Outbound, Priority = 501, Protocol = SecurityRuleProtocol.Udp, SourceAddressPrefix = "*", SourcePortRange = "656", }; var putSecurityRuleResponseOperation = await getNsgResponse.Value.GetSecurityRules().CreateOrUpdateAsync(securityRule2, securityRule); Response <SecurityRule> putSecurityRuleResponse = await putSecurityRuleResponseOperation.WaitForCompletionAsync();; Assert.AreEqual("Succeeded", putSecurityRuleResponse.Value.Data.ProvisioningState.ToString()); // Get NSG getNsgResponse = await networkSecurityGroupContainer.GetAsync(networkSecurityGroupName); // Get the SecurityRule2 Response <SecurityRule> getSecurityRule2Response = await getNsgResponse.Value.GetSecurityRules().GetAsync(securityRule2); Assert.AreEqual(securityRule2, getSecurityRule2Response.Value.Data.Name); // Verify the security rule Assert.AreEqual(SecurityRuleAccess.Deny, getSecurityRule2Response.Value.Data.Access); Assert.AreEqual("Test outbound security rule", getSecurityRule2Response.Value.Data.Description); Assert.AreEqual("*", getSecurityRule2Response.Value.Data.DestinationAddressPrefix); Assert.AreEqual(destinationPortRange, getSecurityRule2Response.Value.Data.DestinationPortRange); Assert.AreEqual(SecurityRuleDirection.Outbound, getSecurityRule2Response.Value.Data.Direction); Assert.AreEqual(501, getSecurityRule2Response.Value.Data.Priority); Assert.AreEqual(SecurityRuleProtocol.Udp, getSecurityRule2Response.Value.Data.Protocol); Assert.AreEqual("Succeeded", getSecurityRule2Response.Value.Data.ProvisioningState.ToString()); Assert.AreEqual("*", getSecurityRule2Response.Value.Data.SourceAddressPrefix); Assert.AreEqual("656", getSecurityRule2Response.Value.Data.SourcePortRange); CompareSecurityRule(getNsgResponse.Value.Data.SecurityRules[1], getSecurityRule2Response.Value.Data); // List all SecurityRules AsyncPageable <SecurityRule> getsecurityRulesAP = getNsgResponse.Value.GetSecurityRules().GetAllAsync(); List <SecurityRule> getsecurityRules = await getsecurityRulesAP.ToEnumerableAsync(); Assert.AreEqual(2, getsecurityRules.Count()); CompareSecurityRule(getNsgResponse.Value.Data.SecurityRules[0], getsecurityRules.ElementAt(0).Data); CompareSecurityRule(getNsgResponse.Value.Data.SecurityRules[1], getsecurityRules.ElementAt(1).Data); // Delete a SecurityRule await getSecurityRule2Response.Value.DeleteAsync(); getsecurityRulesAP = getNsgResponse.Value.GetSecurityRules().GetAllAsync(); getsecurityRules = await getsecurityRulesAP.ToEnumerableAsync(); Has.One.EqualTo(getsecurityRules); // Delete NSG await getNsgResponse.Value.DeleteAsync(); // List NSG AsyncPageable <NetworkSecurityGroup> listNsgResponseAP = networkSecurityGroupContainer.GetAllAsync(); List <NetworkSecurityGroup> listNsgResponse = await listNsgResponseAP.ToEnumerableAsync(); Assert.IsEmpty(listNsgResponse); }
public async Task ViewNsgRuleApiTest() { string resourceGroupName = Recording.GenerateAssetName("azsmnet"); string location = "westus2"; var resourceGroup = await CreateResourceGroup(resourceGroupName, location); string virtualMachineName = Recording.GenerateAssetName("azsmnet"); string networkInterfaceName = Recording.GenerateAssetName("azsmnet"); string networkSecurityGroupName = virtualMachineName + "-nsg"; //Deploy VM with template var vm = await CreateLinuxVM(virtualMachineName, networkInterfaceName, location, resourceGroup); //TODO:There is no need to perform a separate create NetworkWatchers operation //Create network Watcher //string networkWatcherName = Recording.GenerateAssetName("azsmnet"); //NetworkWatcherResource properties = new NetworkWatcherResource { Location = location }; //Response<NetworkWatcherResource> createNetworkWatcher = await networkWatcherCollection.CreateOrUpdateAsync(true, resourceGroupName, networkWatcherName, properties); string localIPAddress = GetNetworkInterfaceCollection(resourceGroupName).GetAsync(networkInterfaceName).Result.Value.Data.IPConfigurations.FirstOrDefault().PrivateIPAddress; string securityRule1 = Recording.GenerateAssetName("azsmnet"); // Add a security rule var securityRule = new SecurityRuleData() { Name = securityRule1, Access = SecurityRuleAccess.Deny, Description = "Test outbound security rule", DestinationAddressPrefix = "*", DestinationPortRange = "80", Direction = SecurityRuleDirection.Outbound, Priority = 501, Protocol = SecurityRuleProtocol.Tcp, SourceAddressPrefix = "*", SourcePortRange = "*", }; var networkSecurityGroupCollection = GetNetworkSecurityGroupCollection(resourceGroupName); Response <NetworkSecurityGroupResource> nsg = await networkSecurityGroupCollection.GetAsync(resourceGroupName, networkSecurityGroupName); nsg.Value.Data.SecurityRules.Add(securityRule); var createOrUpdateOperation = await networkSecurityGroupCollection.CreateOrUpdateAsync(WaitUntil.Completed, networkSecurityGroupName, nsg.Value.Data); Response <NetworkSecurityGroupResource> networkSecurityGroup = await createOrUpdateOperation.WaitForCompletionAsync();; //Get view security group rules var viewNSGRulesOperation = await GetNetworkWatcherCollection("NetworkWatcherRG").Get("NetworkWatcher_westus2").Value.GetVmSecurityRulesAsync(WaitUntil.Completed, new SecurityGroupViewParameters(vm.Id)); Response <SecurityGroupViewResult> viewNSGRules = await viewNSGRulesOperation.WaitForCompletionAsync();; //Verify effective security rule defined earlier IEnumerable <EffectiveNetworkSecurityRule> getEffectiveSecurityRule = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.EffectiveSecurityRules.Where(x => x.Name == "UserRule_" + securityRule1); Assert.AreEqual("Tcp", getEffectiveSecurityRule.FirstOrDefault().Protocol); Assert.AreEqual(501, getEffectiveSecurityRule.FirstOrDefault().Priority); Assert.AreEqual("Deny", getEffectiveSecurityRule.FirstOrDefault().Access); Assert.AreEqual("Outbound", getEffectiveSecurityRule.FirstOrDefault().Direction); Assert.AreEqual("0.0.0.0/0", getEffectiveSecurityRule.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("80-80", getEffectiveSecurityRule.FirstOrDefault().DestinationPortRange); Assert.AreEqual("0.0.0.0/0", getEffectiveSecurityRule.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("0-65535", getEffectiveSecurityRule.FirstOrDefault().SourcePortRange); //Verify 6 default rules IEnumerable <SecurityRuleData> getDefaultSecurityRule1 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowVnetInBound"); Assert.AreEqual("*", getDefaultSecurityRule1.FirstOrDefault().Protocol); Assert.AreEqual(65000, getDefaultSecurityRule1.FirstOrDefault().Priority); Assert.AreEqual("Allow", getDefaultSecurityRule1.FirstOrDefault().Access); Assert.AreEqual("Inbound", getDefaultSecurityRule1.FirstOrDefault().Direction); Assert.AreEqual("VirtualNetwork", getDefaultSecurityRule1.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule1.FirstOrDefault().DestinationPortRange); Assert.AreEqual("VirtualNetwork", getDefaultSecurityRule1.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule1.FirstOrDefault().SourcePortRange); IEnumerable <SecurityRuleData> getDefaultSecurityRule2 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowAzureLoadBalancerInBound"); Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().Protocol); Assert.AreEqual(65001, getDefaultSecurityRule2.FirstOrDefault().Priority); Assert.AreEqual("Allow", getDefaultSecurityRule2.FirstOrDefault().Access); Assert.AreEqual("Inbound", getDefaultSecurityRule2.FirstOrDefault().Direction); Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().DestinationPortRange); Assert.AreEqual("AzureLoadBalancer", getDefaultSecurityRule2.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().SourcePortRange); IEnumerable <SecurityRuleData> getDefaultSecurityRule3 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "DenyAllInBound"); Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().Protocol); Assert.AreEqual(65500, getDefaultSecurityRule3.FirstOrDefault().Priority); Assert.AreEqual("Deny", getDefaultSecurityRule3.FirstOrDefault().Access); Assert.AreEqual("Inbound", getDefaultSecurityRule3.FirstOrDefault().Direction); Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().DestinationPortRange); Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().SourcePortRange); IEnumerable <SecurityRuleData> getDefaultSecurityRuleData4 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowVnetOutBound"); Assert.AreEqual("*", getDefaultSecurityRuleData4.FirstOrDefault().Protocol); Assert.AreEqual(65000, getDefaultSecurityRuleData4.FirstOrDefault().Priority); Assert.AreEqual("Allow", getDefaultSecurityRuleData4.FirstOrDefault().Access); Assert.AreEqual("Outbound", getDefaultSecurityRuleData4.FirstOrDefault().Direction); Assert.AreEqual("VirtualNetwork", getDefaultSecurityRuleData4.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRuleData4.FirstOrDefault().DestinationPortRange); Assert.AreEqual("VirtualNetwork", getDefaultSecurityRuleData4.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRuleData4.FirstOrDefault().SourcePortRange); IEnumerable <SecurityRuleData> getDefaultSecurityRuleData5 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowInternetOutBound"); Assert.AreEqual("*", getDefaultSecurityRuleData5.FirstOrDefault().Protocol); Assert.AreEqual(65001, getDefaultSecurityRuleData5.FirstOrDefault().Priority); Assert.AreEqual("Allow", getDefaultSecurityRuleData5.FirstOrDefault().Access); Assert.AreEqual("Outbound", getDefaultSecurityRuleData5.FirstOrDefault().Direction); Assert.AreEqual("Internet", getDefaultSecurityRuleData5.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRuleData5.FirstOrDefault().DestinationPortRange); Assert.AreEqual("*", getDefaultSecurityRuleData5.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRuleData5.FirstOrDefault().SourcePortRange); IEnumerable <SecurityRuleData> getDefaultSecurityRuleData6 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "DenyAllOutBound"); Assert.AreEqual("*", getDefaultSecurityRuleData6.FirstOrDefault().Protocol); Assert.AreEqual(65500, getDefaultSecurityRuleData6.FirstOrDefault().Priority); Assert.AreEqual("Deny", getDefaultSecurityRuleData6.FirstOrDefault().Access); Assert.AreEqual("Outbound", getDefaultSecurityRuleData6.FirstOrDefault().Direction); Assert.AreEqual("*", getDefaultSecurityRuleData6.FirstOrDefault().DestinationAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRuleData6.FirstOrDefault().DestinationPortRange); Assert.AreEqual("*", getDefaultSecurityRuleData6.FirstOrDefault().SourceAddressPrefix); Assert.AreEqual("*", getDefaultSecurityRuleData6.FirstOrDefault().SourcePortRange); }
public async Task NetworkSecurityGroupWithRulesApiTest() { Subscription subscription = await ArmClient.GetDefaultSubscriptionAsync(); string resourceGroupName = Recording.GenerateAssetName("csmrg"); string location = TestEnvironment.Location; var resourceGroup = await CreateResourceGroup(resourceGroupName); string networkSecurityGroupName = Recording.GenerateAssetName("azsmnet"); string securityRule1 = Recording.GenerateAssetName("azsmnet"); string securityRule2 = Recording.GenerateAssetName("azsmnet"); string destinationPortRange = "123-3500"; var networkSecurityGroup = new NetworkSecurityGroupData() { Location = location, SecurityRules = { new SecurityRuleData() { Name = securityRule1, Access = SecurityRuleAccess.Allow, Description = "Test security rule", DestinationAddressPrefix = "*", DestinationPortRange = destinationPortRange, Direction = SecurityRuleDirection.Inbound, Priority = 500, Protocol = SecurityRuleProtocol.Tcp, SourceAddressPrefix = "*", SourcePortRange = "655" } } }; // Put Nsg var networkSecurityGroupCollection = resourceGroup.GetNetworkSecurityGroups(); var putNsgResponseOperation = await networkSecurityGroupCollection.CreateOrUpdateAsync(networkSecurityGroupName, networkSecurityGroup); Response <NetworkSecurityGroup> putNsgResponse = await putNsgResponseOperation.WaitForCompletionAsync();; Assert.AreEqual("Succeeded", putNsgResponse.Value.Data.ProvisioningState.ToString()); // Get NSG Response <NetworkSecurityGroup> getNsgResponse = await networkSecurityGroupCollection.GetAsync(networkSecurityGroupName); Assert.AreEqual(networkSecurityGroupName, getNsgResponse.Value.Data.Name); Assert.AreEqual(6, getNsgResponse.Value.Data.DefaultSecurityRules.Count); Assert.AreEqual("AllowVnetInBound", getNsgResponse.Value.Data.DefaultSecurityRules[0].Name); Assert.AreEqual("AllowAzureLoadBalancerInBound", getNsgResponse.Value.Data.DefaultSecurityRules[1].Name); Assert.AreEqual("DenyAllInBound", getNsgResponse.Value.Data.DefaultSecurityRules[2].Name); Assert.AreEqual("AllowVnetOutBound", getNsgResponse.Value.Data.DefaultSecurityRules[3].Name); Assert.AreEqual("AllowInternetOutBound", getNsgResponse.Value.Data.DefaultSecurityRules[4].Name); Assert.AreEqual("DenyAllOutBound", getNsgResponse.Value.Data.DefaultSecurityRules[5].Name); // Verify the security rule Assert.AreEqual(SecurityRuleAccess.Allow, getNsgResponse.Value.Data.SecurityRules[0].Access); Assert.AreEqual("Test security rule", getNsgResponse.Value.Data.SecurityRules[0].Description); Assert.AreEqual("*", getNsgResponse.Value.Data.SecurityRules[0].DestinationAddressPrefix); Assert.AreEqual(destinationPortRange, getNsgResponse.Value.Data.SecurityRules[0].DestinationPortRange); Assert.AreEqual(SecurityRuleDirection.Inbound, getNsgResponse.Value.Data.SecurityRules[0].Direction); Assert.AreEqual(500, getNsgResponse.Value.Data.SecurityRules[0].Priority); Assert.AreEqual(SecurityRuleProtocol.Tcp, getNsgResponse.Value.Data.SecurityRules[0].Protocol); Assert.AreEqual("Succeeded", getNsgResponse.Value.Data.SecurityRules[0].ProvisioningState.ToString()); Assert.AreEqual("*", getNsgResponse.Value.Data.SecurityRules[0].SourceAddressPrefix); Assert.AreEqual("655", getNsgResponse.Value.Data.SecurityRules[0].SourcePortRange); // List NSG AsyncPageable <NetworkSecurityGroup> listNsgResponseAP = networkSecurityGroupCollection.GetAllAsync(); List <NetworkSecurityGroup> listNsgResponse = await listNsgResponseAP.ToEnumerableAsync(); Has.One.EqualTo(listNsgResponse); Assert.AreEqual(networkSecurityGroupName, listNsgResponse.First().Data.Name); Assert.AreEqual(6, listNsgResponse.First().Data.DefaultSecurityRules.Count); Assert.AreEqual("AllowVnetInBound", listNsgResponse.First().Data.DefaultSecurityRules[0].Name); Assert.AreEqual("AllowAzureLoadBalancerInBound", listNsgResponse.First().Data.DefaultSecurityRules[1].Name); Assert.AreEqual("DenyAllInBound", listNsgResponse.First().Data.DefaultSecurityRules[2].Name); Assert.AreEqual("AllowVnetOutBound", listNsgResponse.First().Data.DefaultSecurityRules[3].Name); Assert.AreEqual("AllowInternetOutBound", listNsgResponse.First().Data.DefaultSecurityRules[4].Name); Assert.AreEqual("DenyAllOutBound", listNsgResponse.First().Data.DefaultSecurityRules[5].Name); Assert.AreEqual(getNsgResponse.Value.Data.Etag, listNsgResponse.First().Data.Etag); // List NSG in a subscription AsyncPageable <NetworkSecurityGroup> listNsgSubsciptionResponseAP = subscription.GetNetworkSecurityGroupsAsync(); List <NetworkSecurityGroup> listNsgSubsciptionResponse = await listNsgSubsciptionResponseAP.ToEnumerableAsync(); Assert.IsNotEmpty(listNsgSubsciptionResponse); // Add a new security rule var SecurityRule = new SecurityRuleData() { Name = securityRule2, Access = SecurityRuleAccess.Deny, Description = "Test outbound security rule", DestinationAddressPrefix = "*", DestinationPortRange = destinationPortRange, Direction = SecurityRuleDirection.Outbound, Priority = 501, Protocol = SecurityRuleProtocol.Udp, SourceAddressPrefix = "*", SourcePortRange = "656", }; networkSecurityGroup.SecurityRules.Add(SecurityRule); putNsgResponseOperation = await networkSecurityGroupCollection.CreateOrUpdateAsync(networkSecurityGroupName, networkSecurityGroup); await putNsgResponseOperation.WaitForCompletionAsync();; // Get NSG getNsgResponse = await networkSecurityGroupCollection.GetAsync(networkSecurityGroupName); // Verify the security rule Assert.AreEqual(SecurityRuleAccess.Deny, getNsgResponse.Value.Data.SecurityRules[1].Access); Assert.AreEqual("Test outbound security rule", getNsgResponse.Value.Data.SecurityRules[1].Description); Assert.AreEqual("*", getNsgResponse.Value.Data.SecurityRules[1].DestinationAddressPrefix); Assert.AreEqual(destinationPortRange, getNsgResponse.Value.Data.SecurityRules[1].DestinationPortRange); Assert.AreEqual(SecurityRuleDirection.Outbound, getNsgResponse.Value.Data.SecurityRules[1].Direction); Assert.AreEqual(501, getNsgResponse.Value.Data.SecurityRules[1].Priority); Assert.AreEqual(SecurityRuleProtocol.Udp, getNsgResponse.Value.Data.SecurityRules[1].Protocol); Assert.AreEqual("Succeeded", getNsgResponse.Value.Data.SecurityRules[1].ProvisioningState.ToString()); Assert.AreEqual("*", getNsgResponse.Value.Data.SecurityRules[1].SourceAddressPrefix); Assert.AreEqual("656", getNsgResponse.Value.Data.SecurityRules[1].SourcePortRange); // List Default Security Groups AsyncPageable <SecurityRuleData> listDefaultSecurityGroupsAP = getNsgResponse.Value.GetDefaultSecurityRulesAsync(); List <SecurityRuleData> listDefaultSecurityGroups = await listDefaultSecurityGroupsAP.ToEnumerableAsync(); Assert.IsNotEmpty(listDefaultSecurityGroups); // Get Defaul Security Group // TODO: ADO 5975 //Response<SecurityRuleData> getDefaultSecurityGroups = await getNsgResponse.Value.GetDefaultSecurityRuleAsync(); //Assert.AreEqual(listDefaultSecurityGroups.First().Name, getDefaultSecurityGroups.Value.Name); // Delete NSG await putNsgResponse.Value.DeleteAsync(); // List NSG listNsgResponseAP = networkSecurityGroupCollection.GetAllAsync(); listNsgResponse = await listNsgResponseAP.ToEnumerableAsync(); Assert.IsEmpty(listNsgResponse); }
internal static SecurityRuleAssociations DeserializeSecurityRuleAssociations(JsonElement element) { Optional <NetworkInterfaceAssociation> networkInterfaceAssociation = default; Optional <SubnetAssociation> subnetAssociation = default; Optional <IReadOnlyList <SecurityRuleData> > defaultSecurityRules = default; Optional <IReadOnlyList <EffectiveNetworkSecurityRule> > effectiveSecurityRules = default; foreach (var property in element.EnumerateObject()) { if (property.NameEquals("networkInterfaceAssociation")) { if (property.Value.ValueKind == JsonValueKind.Null) { property.ThrowNonNullablePropertyIsNull(); continue; } networkInterfaceAssociation = NetworkInterfaceAssociation.DeserializeNetworkInterfaceAssociation(property.Value); continue; } if (property.NameEquals("subnetAssociation")) { if (property.Value.ValueKind == JsonValueKind.Null) { property.ThrowNonNullablePropertyIsNull(); continue; } subnetAssociation = SubnetAssociation.DeserializeSubnetAssociation(property.Value); continue; } if (property.NameEquals("defaultSecurityRules")) { if (property.Value.ValueKind == JsonValueKind.Null) { property.ThrowNonNullablePropertyIsNull(); continue; } List <SecurityRuleData> array = new List <SecurityRuleData>(); foreach (var item in property.Value.EnumerateArray()) { array.Add(SecurityRuleData.DeserializeSecurityRuleData(item)); } defaultSecurityRules = array; continue; } if (property.NameEquals("effectiveSecurityRules")) { if (property.Value.ValueKind == JsonValueKind.Null) { property.ThrowNonNullablePropertyIsNull(); continue; } List <EffectiveNetworkSecurityRule> array = new List <EffectiveNetworkSecurityRule>(); foreach (var item in property.Value.EnumerateArray()) { array.Add(EffectiveNetworkSecurityRule.DeserializeEffectiveNetworkSecurityRule(item)); } effectiveSecurityRules = array; continue; } } return(new SecurityRuleAssociations(networkInterfaceAssociation.Value, subnetAssociation.Value, Optional.ToList(defaultSecurityRules), Optional.ToList(effectiveSecurityRules))); }